package com.zpz.framework.zpzoauth.config.oauth.authentication;

import com.zpz.framework.zpzoauth.common.utils.ZpzOauthFilterIgnorePropertiesConfig;
import com.zpz.framework.zpzoauth.config.oauth.authentication.exception.ZpzOauthAuthExceptionEntryPoint;
import com.zpz.framework.zpzoauth.config.oauth.authentication.exception.ZpzOauthCustomAccessDeniedHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.oauth2.provider.token.TokenStore;

/**
 * @author zhangpanzhi
 * @time 2019-07-09
 * @description 未经本人允许请勿随便改动，尊重劳动
 * */
@Configuration
@EnableResourceServer
public class ZpzOauthResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    private ZpzOauthFilterIgnorePropertiesConfig zpzOauthFilterIgnorePropertiesConfig;
    @Autowired
    private OAuth2WebSecurityExpressionHandler expressionHandler;
    private Logger log = LoggerFactory.getLogger(this.getClass());
    @Autowired
    private TokenStore tokenStore;
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //允许使用iframe 嵌套，避免swagger-ui 不被加载的问题
        http.headers().frameOptions().disable();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
                .authorizeRequests();
        zpzOauthFilterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
        registry.anyRequest()
                .access("@permissionService.hasPermission(request,authentication)");

    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.expressionHandler(expressionHandler);
//        resources.accessDeniedHandler(accessDeniedHandler);
        //这里把自定义异常加进去
        resources.tokenStore(tokenStore).authenticationEntryPoint(new ZpzOauthAuthExceptionEntryPoint())
                .accessDeniedHandler(new ZpzOauthCustomAccessDeniedHandler());
    }

    @Bean
    public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext applicationContext) {
        OAuth2WebSecurityExpressionHandler expressionHandler = new OAuth2WebSecurityExpressionHandler();
        expressionHandler.setApplicationContext(applicationContext);
        return expressionHandler;
    }

//    /**
//     * 加密方式
//     * @return
//     */
//    @Bean
//    public PasswordEncoder passwordEncoder(){
//        return new PasswordEncoder() {
//            @Override
//            public String encode(CharSequence charSequence) {
//                String rawPassword = charSequence.toString().trim();
//                log.info("*************网关：encode：：："+rawPassword);
//                String pwd = ZpzOauthSaltUtil.getPwd(rawPassword);
//                log.info("*************网关：passwordEncoder：：："+pwd);
//                return pwd;
//            }
//            /**
//             * 前端传递的密码/client_secret charSequence
//             * */
//            @Override
//            public boolean matches(CharSequence charSequence, String s) {
//                String rawPassword = charSequence.toString().trim();
//                log.info("*************网关：matches明文密码：：："+rawPassword);
//                String pwd = ZpzOauthSaltUtil.getPwd(rawPassword);
//                log.info("*************网关：matches：：："+pwd);
//                boolean equals = Objects.equals(pwd, s);
//                log.info("*************网关：matches：比较结果：："+equals);
//                return equals;
//            }
//        };
//    }
}
